A rapidly evolving cyber security threat landscape: RSA 2020

Chris Lewis

“The Human Element” at RSA 2020

We’ve just arrived back from our annual visit to the RSA cyber security show in San Francisco, and while the talk around the stands was all about advanced data breaches, AI-enhanced automation, and cloud security, the official theme was “The Human Element”. In a very real nod to the theme, the show coincided with the first reported case of Coronavirus in California, and attendance at the show was down, by popular estimate, around 30% as several large sponsors pulled out due to health concerns.

But in an industry where the marketing language increasingly points to AI-led attack and defence, bot-driven offense, and big data, why focus on the people? Plenty of reasons…

1) A massive skills shortage

Estimates of unfilled positions for cyber professionals globally vary anywhere from two to four million compared to a current workforce of around three million. Whatever the true number, it is inescapable that there is, and will continue to be, a massive skills shortage. Efforts to build automation into security operations are critical to deal with this skills shortage. Equally, we are seeing significant growth in high-end MSSPs able to offer SecOps, threat hunting, and remediation across multiple clients. In Europe, players like MWR (acquired by F-Secure), S21Sec, Mnemonic and Adarma have been leading the way in providing efficient, effective and often highly specialist solutions to their large corporate clients.

2) Data overload – cyber professionals are trying (and failing) to drink from the firehose

Against a backdrop of ever-increasing threats, more complex hybrid IT environments, the growth of shadow IT, and the collection of almost infinite amounts of data, teams manning SOCs are overwhelmed by the very data which is being provided to support them. Deploying machine learning to triage alerts, remove false positives and prioritise actions and areas of focus is critical to success and is another key reason that SOAR (security orchestration, automation and response) providers were prominent at the show again this year. SOC-as-a-service platforms like Arctic Wolf and Cysiv are the next move in this space, offering an automated platform approach to threat hunting and remediation and, in doing so, raising the technical bar for people to work on the most challenging of problems.

3) The only constant is change

The pace of change of the underlying technology stacks and the rapidly evolving threat landscape mean that, for those three million cyber professionals, staying current and combat ready is an ongoing battle. Immersive Labs, headquartered in Bristol, UK, is taking an innovative approach to this issue by offering gamified, on-demand labs for cyber teams to upskill and adapt to emerging risks identified from threat intelligence.

4) Users: they are the weakest link

Email, the life-blood of business, is also by far the most prevalent source of cyber breaches, whether in the form of spear-phishing, whaling, evil twin or simply blanket bombing email addresses for a way in. The common theme is the user: clicking a malicious link, replying in good faith to a request for payment, or providing log-in details in response to a seemingly official request. Security awareness training and phishing campaign simulations are not new but are seeing growing adoption as the frequency and sophistication of phishing attacks grow dramatically. Most corporates now include some level of anti-phishing training and some are beginning to operate disciplinary measures on staff members who consistently fall for simulated phishing attacks. Major players like Cofense and KnowBe4, and new entrants like UK-based Purplephish, are all benefitting from this trend.

There is another, more sinister, type of user risk: the insider threat. Estimates suggest around 40% of data leakage comes from the insider threat, where employees, through disgruntlement, criminal intent or negligence, cause a loss of data (often access credentials). Using strong DLP technology or limiting user admin privileges with a PAM solution like BeyondTrust (formerly Avecto) or CyberArk provides key elements to combat this issue. London-based Tessian offers an alternative approach by adopting machine learning to prevent users unintentionally emailing data to the wrong recipient.

5) At the high-end, the best defence is human

Whilst hackers are increasingly using AI technology and automation to deliver attacks, ultimately the adversary is a human being. For cyber professionals dealing with advanced threats, being able to think like the attacker is crucial – thereby turning an offensive mindset into defence. AI is nowhere near being able to replicate years of human experience trying to hack into third-party systems, and this is likely to remain the case for many years to come. Automation and data will continue to raise the bar in supporting human efforts to thwart attacks.

Since there is no silver bullet in cyber security, the human element will remain key. Whether this is by upskilling end-users to be alert to threats, providing scarce cyber professionals with up-to-the-minute capabilities, or allowing the human brain to focus on the most difficult and important challenges, luckily the involvement of people in the industry is not going to be downgraded any time soon.

In the meantime, service providers and product vendors will continue to drive innovation to enhance the capabilities and focus of the three million people currently engaged in preventing and remediating cyber security breaches, and the industry will continue its rapid growth. We’re looking forward to seeing what’s in store for the 30th anniversary of the RSA conference, in 2021.

Please do get in touch if you’d like to discuss any of the themes with us, or to have an informal conversation about the next stage of your company’s development. We look forward to speaking with you soon.